1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method for improving the efficiency in providing security information. More particularly, the present invention relates to a computer implemented method, system, and computer usable program code for protocol based key management in a data processing environment.
2. Description of the Related Art
Data is often exchanged between systems using some form of security. For example, a transmission may include data that has been encrypted according to some encryption standard, such as by using an asymmetric key-pair. As another example, a message may be signed for authenticity, such as by using the private key associated with a digital certificate. Keys, codes, passwords, and certificates are some examples of security features used for securing data.
The security features are often stored and managed in some management system using certain policies that may apply to the use of those security features. For example, one user may be able to use a particular security feature, such as a certificate, for one part of a website but not for another part.
An entity, such as a system, an application, or a user, may request a particular security feature, such as a key, from a management system. For example, a server may request a key for encrypting data to be transmitted. An application may request a key for decrypting encrypted data. A device, such as a tape drive, may request a key for encrypting data for storage or for retrieving stored encrypted data. A server may request a certificate for establishing or validating a secure communication link.
When an entity requests a security feature, such as a key or a certificate, the management system processes and responds to such requests in accordance with certain policies. Generally, the policies used for servicing key requests are designed to establish that the requestor has appropriate ownership rights to the requested key before the request is granted.